From ee3c5d1c8dc4929f4d288d49eb0c5287d0b708a8 Mon Sep 17 00:00:00 2001
From: ru
Date: Tue, 20 Jun 2000 11:41:48 +0000
Subject: Added true support for PPTP aliasing. Some nice features include: - Multiple PPTP clients behind NAT to the same or different servers. - Single PPTP server behind NAT -- you just need to redirect TCP port 1723 to a local machine. Multiple servers behind NAT is possible but would require a simple API change. - No API changes! For more information on how this works see comments at the start of the alias_pptp.c. PacketAliasPptp() is no longer necessary and will be removed soon. Submitted by: Erik Salander Reviewed by: ru Rewritten by: ru Reviewed by: Erik Salander
---
sys/netinet/libalias/alias.c | 59 ++++++++++++++++++++++++++++++++++++++------
1 file changed, 52 insertions(+), 7 deletions(-) (limited to 'sys/netinet/libalias/alias.c')
diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
index eaaedac..e4770fe 100644
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -76,6 +76,9 @@
 Version 2.3 Dec 1998 (dillon)
 - Major bounds checking additions, see FreeBSD/CVS
+ Version 3.1 May, 2000 (eds)
+ - Added hooks to handle PPTP.
+
 See HISTORY file for additional revisions.
 $FreeBSD$
@@ -90,12 +93,6 @@
 #include
 #include
-#ifndef IPPROTO_GRE
-#define IPPROTO_GRE 47
-#define IPPROTO_ESP 50
-#define IPPROTO_AH 51
-#endif
-
 #include "alias_local.h"
 #include "alias.h"
@@ -105,6 +102,7 @@
 #define IRC_CONTROL_PORT_NUMBER_1 6667
 #define IRC_CONTROL_PORT_NUMBER_2 6668
 #define CUSEEME_PORT_NUMBER 7648
+#define PPTP_CONTROL_PORT_NUMBER 1723
@@ -181,6 +179,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
 ProtoAliasIn(), ProtoAliasOut()
 UdpAliasIn(), UdpAliasOut()
 TcpAliasIn(), TcpAliasOut()
+ GreAliasIn()
 These routines handle protocol specific details of packet aliasing. One may observe a certain amount of repetitive arithmetic in these
@@ -234,6 +233,8 @@ static int UdpAliasIn (struct ip *);
 static int TcpAliasOut(struct ip *, int);
 static int TcpAliasIn (struct ip *);
+static int GreAliasIn(struct ip *);
+
 static int
 IcmpAliasIn1(struct ip *pip)
@@ -725,6 +726,39 @@ ProtoAliasOut(struct ip *pip)
 }
+static int
+GreAliasIn(struct ip *pip)
+{
+ u_short call_id;
+ struct alias_link *link;
+
+/* Return if proxy-only mode is enabled. */
+ if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
+ return (PKT_ALIAS_OK);
+
+ if (PptpGetCallID(pip, &call_id)) {
+ if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) {
+ struct in_addr alias_address;
+ struct in_addr original_address;
+
+ alias_address = GetAliasAddress(link);
+ original_address = GetOriginalAddress(link);
+ PptpSetCallID(pip, GetOriginalPort(link));
+
+ /* Restore original IP address. */
+ DifferentialChecksum(&pip->ip_sum,
+ (u_short *)&original_address,
+ (u_short *)&pip->ip_dst,
+ 2);
+ pip->ip_dst = original_address;
+
+ return (PKT_ALIAS_OK);
+ } else
+ return (PKT_ALIAS_IGNORED);
+ } else
+ return ProtoAliasIn(pip);
+}
+
 static int
 UdpAliasIn(struct ip *pip)
@@ -903,6 +937,11 @@ TcpAliasIn(struct ip *pip)
 int accumulate;
 u_short *sptr;
+/* Special processing for IP encoding protocols */
+ if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
+ || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
+ AliasHandlePptpIn(pip, link);
+
 alias_address = GetAliasAddress(link);
 original_address = GetOriginalAddress(link);
 proxy_address = GetProxyAddress(link);
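Review bot: GreAliasIn() is handed only `pip`, so nothing on this path can check that the packet is long enough to hold the GRE header that PptpGetCallID() reads and PptpSetCallID() rewrites; PacketAliasIn() has `maxpacketsize`, but the new `case IPPROTO_GRE` does not pass it down. Both helpers are defined outside this diff, so any length check they make themselves is not visible here; if they make none, a truncated inbound GRE packet would be parsed and modified past its end. A guard at the top of GreAliasIn() that returns `PKT_ALIAS_IGNORED` when `ntohs(pip->ip_len)` is smaller than `(pip->ip_hl << 2)` plus the GRE header size would cover it. The same question applies to `AliasHandlePptpIn(pip, link)` in the TcpAliasIn hunk and `AliasHandlePptpOut(pip, link)` in the TcpAliasOut hunk, which unlike the FTP and IRC handlers receive no `maxpacketsize`. Separately, `alias_address` is assigned from GetAliasAddress(link) and never read, so it can be removed.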
@@ -1070,9 +1109,12 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER
 || ntohs(tc->th_sport) == FTP_CONTROL_PORT_NUMBER)
 AliasHandleFtpOut(pip, link, maxpacketsize);
- if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1
+ else if (ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_1
 || ntohs(tc->th_dport) == IRC_CONTROL_PORT_NUMBER_2)
 AliasHandleIrcOut(pip, link, maxpacketsize);
+ else if (ntohs(tc->th_dport) == PPTP_CONTROL_PORT_NUMBER
+ || ntohs(tc->th_sport) == PPTP_CONTROL_PORT_NUMBER)
+ AliasHandlePptpOut(pip, link);
 /* Adjust TCP checksum since source port is being aliased */
 /* and source address is being altered */
@@ -1301,6 +1343,9 @@ PacketAliasIn(char *ptr, int maxpacketsize)
 case IPPROTO_TCP:
 iresult = TcpAliasIn(pip);
 break;
+ case IPPROTO_GRE:
+ iresult = GreAliasIn(pip);
+ break;
 default:
 iresult = ProtoAliasIn(pip);
 break;
--
cgit v1.1
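Review bot: Chaining the IRC and PPTP tests with `else if` makes the three handlers mutually exclusive, but FTP and PPTP match on either port while IRC matches on `th_dport` only. A segment with `th_sport` equal to PPTP_CONTROL_PORT_NUMBER and `th_dport` equal to one of the IRC or FTP control ports is therefore given to the earlier handler and never reaches AliasHandlePptpOut(). TcpAliasIn uses a plain `if` for its PPTP test, so the two directions can disagree about which handler owns such a connection. Either test PPTP first or add a comment such as `/* handlers are mutually exclusive; first match wins */` so the precedence is deliberate. The body of TcpAliasOut continues outside the hunk.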
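Review bot: `case IPPROTO_GRE` depends on a constant whose local fallback (`#ifndef IPPROTO_GRE` … `#endif`) this same commit deletes from alias.c, and no replacement definition appears in the diff. Presumably it now comes from alias_local.h or the system headers, which is worth confirming for platforms whose netinet headers lack it. The diff also adds no GRE case on the outbound side, so a short comment here such as `/* outbound GRE is handled by ProtoAliasOut() */` would record that the asymmetry is intended, if it is. PacketAliasIn's switch starts outside the hunk.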